Group Roles with Inheritance

Hello,

I want to create three (group) roles.  The first one will be read-only, 
the second will add INSERT, and the third will add UPDATE and DELETE.

Does the below look OK for this purpose or did I forget something?


/** role_r is read-only with SELECT and EXECUTE */
CREATE ROLE role_r;

GRANT USAGE ON SCHEMA <schema> TO role_r;

GRANT SELECT ON ALL TABLES IN SCHEMA <schema> TO role_r;

GRANT SELECT ON ALL SEQUENCES IN SCHEMA <schema> TO role_r;

GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA <schema> TO role_r;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
     GRANT SELECT ON TABLES TO role_r;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
     GRANT SELECT ON SEQUENCES TO role_r;


/** role_ra adds INSERT */
CREATE ROLE role_ra;
GRANT role_r TO role_ra;

GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_ra;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
     GRANT INSERT ON TABLES TO role_ra;


/** role_rawd adds UPDATE, DELETE */
CREATE ROLE role_rawd;
GRANT role_ra TO role_rawd;

GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_rawd;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
     GRANT UPDATE, DELETE ON TABLES TO role_rawd;


Thank you,


Igal Sapir
Lucee Core Developer
Lucee.org